Perhaps maintaining is the wrong word. MSLogon 2 uses NTLM, which Microsoft has advised not to use. It would be best to use Kerberos if available to connect to an AD domain. Also, I had thought that the original implementer (Mascha?) had left for other pastures...

Yeah, now that you mention it, it always did seem a little "quaint" the way MSLogon prefers using local groups first (though that does make it fit well with home LAN users). Honestly I didn't know it lacked Kerberos support; I'm surprised. But MSLogon's not a feature I use ordinarily.